Hi,
I am working on RH8.0. I configured php and apache, but the post or get are not working. Any data sent by the form is not being received by the php page. This is the content of my index.html
<html> <body> <form action="trial.php" method="get"> <input type="text" name="amish"> <input type="submit"> </form> </body> </html>
And here is my trial.php
<html> <body> <?php echo("$amish"); ?> </body> </html>
But the output is a blank page, the phpinfo() page is working absolutely fine. The output of the rpm command is as shown below.
[root@munshi html]# rpm -qa | grep php php-imap-4.2.2-8.0.5 php-mysql-4.2.2-8.0.5 php-dbg-server-2.10pl3-6 php-dbg-client-2.10-6 php-pgsql-4.2.2-8.0.5 php-ldap-4.2.2-8.0.5 php-manual-4.2.2-8.0.5 php-dbg-base-2.10-4 php-4.2.2-8.0.5 php-odbc-4.2.2-8.0.5 [root@munshi html]# [root@munshi html]# rpm -qa | grep httpd httpd-manual-2.0.40-8 httpd-2.0.40-8 redhat-config-httpd-1.0.1-13 [root@munshi html]#
Where should I start hunting for the solutions.
Bye.
Hi Amish,
try setting "register_globals = On" in the php.ini file.
Let me know if it works.
Regards, Kapil Karekar Libre Technologies kapil at libretech.com 091-022-28677305 http://www.libretech.com --------------------------------------- Let's build a Free Software Economy ---------------------------------------
----- Original Message ----- From: Amish Munshi To: linuxers@mm.ilug-bom.org.in Sent: Wednesday, January 22, 2003 3:19 AM Subject: [ILUG-BOM] PHP and apache 2.0
Hi,
I am working on RH8.0. I configured php and apache, but the post or get are not working. Any data sent by the form is not being received by the php page.
This is the content of my index.html
<html> <body> <form action="trial.php" method="get"> <input type="text" name="amish"> <input type="submit"> </form> </body> </html>
And here is my trial.php
<html> <body> <?php echo("$amish"); ?> </body> </html>
But the output is a blank page, the phpinfo() page is working absolutely fine. The output of the rpm command is as shown below.
[root@munshi html]# rpm -qa | grep php php-imap-4.2.2-8.0.5 php-mysql-4.2.2-8.0.5 php-dbg-server-2.10pl3-6 php-dbg-client-2.10-6 php-pgsql-4.2.2-8.0.5 php-ldap-4.2.2-8.0.5 php-manual-4.2.2-8.0.5 php-dbg-base-2.10-4 php-4.2.2-8.0.5 php-odbc-4.2.2-8.0.5 [root@munshi html]# [root@munshi html]# rpm -qa | grep httpd httpd-manual-2.0.40-8 httpd-2.0.40-8 redhat-config-httpd-1.0.1-13 [root@munshi html]#
Where should I start hunting for the solutions.
Bye.
Amish K. Munshi In GNU we trust.
On Wed, Jan 22, 2003 at 04:33:46AM +0530, Kapil Karekar wrote:
Hi Amish,
try setting "register_globals = On" in the php.ini file.
This worked. Thanks. php.ini says that this can be a security problem, what kind of security problem can this be?
Let me know if it works.
Regards, Kapil Karekar Libre Technologies kapil at libretech.com 091-022-28677305 http://www.libretech.com
Let's build a Free Software Economy
try setting "register_globals = On" in the php.ini file.
Amish wrote This worked. Thanks. php.ini says that this can be a security problem, what kind of security problem can this be?
did u check release info? http://www.php.net/release_4_2_0.php
php4.2 onwards keep register_globals = off by default
i.e. domain.com/foo.php?bar=xxxx
you will have to write $var_name=$_GET['bar'];
if the method is post then $var_name=$_POST['bar']
more info: http://www.php.net/manual/en/language.variables.external.php
About the security http://www.php.net/manual/en/security.registerglobals.php
Regards, Ranjeet
On Wed, Jan 22, 2003 at 11:27:40AM +0530, ranjeet@nttindia.com wrote:
php4.2 onwards keep register_globals = off by default About the security http://www.php.net/manual/en/security.registerglobals.php
Thanks a lot for the info, it was very helpful.
Regards, Ranjeet
-- _______________________________________________
Amish Munshi wrote:
Hi,
I am working on RH8.0. I configured php and apache, but the post or get are not working. Any data sent by the form is not being received by the php page.
This is the content of my index.html
<html> <body> <form action="trial.php" method="get">
^^^ instead of get method use post method
On Wed, Jan 22, 2003 at 10:22:36AM +0530, Mohan Cheema wrote:
Amish Munshi wrote:
Hi,
I am working on RH8.0. I configured php and apache, but the post or get are not working. Any data sent by the form is not being received by the php page.
This is the content of my index.html
<html> <body> <form action="trial.php" method="get">
^^^instead of get method use post method
I did use it, but even that did not work. The register_globals =On did work, but it says that there is some problem with security with using it. I would like to know the alternative
Use POST method only. Also turn the register_globals off in the configuration file. To access the variables which are posted you can use the special variables.
$_POST["varname"]
Amitay.
On Wed, Jan 22, 2003 at 12:36:29PM +0530, Amish Munshi wrote:
On Wed, Jan 22, 2003 at 10:22:36AM +0530, Mohan Cheema wrote:
Amish Munshi wrote:
Hi,
I am working on RH8.0. I configured php and apache, but the post or get are not working. Any data sent by the form is not being received by the php page.
This is the content of my index.html
<html> <body> <form action="trial.php" method="get">
^^^instead of get method use post method
I did use it, but even that did not work. The register_globals =On did work, but it says that there is some problem with security with using it. I would like to know the alternative
-- Amish K. Munshi In GNU we trust.
-- _______________________________________________
Amitay.
Generally GET methods can be forged easily by adding query string to the URL. Whereas POST forging needs a little elaboration. So POST is the preferred method for sending data.
Amitay.
On Wed, Jan 22, 2003 at 02:49:12PM +0530, Philip S Tellis wrote:
On Wed, 22 Jan 2003, Amitay Isaacs wrote:
Use POST method only. Also turn the register_globals off in the
^^^^^^^^^^^^^^^^^^^^^^
why?
-- How long does it take a DEC field service engineer to change a lightbulb?
It depends on how many bad ones he brought with him.
-- _______________________________________________
Amitay.
On Wed, 22 Jan 2003, Amitay Isaacs wrote:
Generally GET methods can be forged easily by adding query string to the URL. Whereas POST forging needs a little elaboration. So POST is the preferred method for sending data.
you mean security through obscurity is better than no security at all?
and what does forging the url have to do with the fact that he wasn't able to get what was passed?
Philip
On Wed, Jan 22, 2003 at 02:18:24PM +0530, Amitay Isaacs wrote:
Use POST method only. Also turn the register_globals off in the configuration file. To access the variables which are posted you can use the special variables.
I have lots of scripts which use $vaname directly. I understand the security issues and will be programming future scripts with $_POST["varname"] in future. But whats wrong in having GET instead of POST? Is there a way by which I can change all the varaiables from $_POST["varname"] to $varname. Any function that can transfer all the variables from _POST to ones without _POST, I do not want to modify all the scripts I have already written with $varname to $_POST["varname"].
$_POST["varname"]
Amitay.
On 22/01/03 17:15 +0530, Philip S Tellis wrote:
On Wed, 22 Jan 2003, Amish Munshi wrote:
I have lots of scripts which use $vaname directly. I understand the security issues and will be programming future scripts with
what security issues?
I believe Amish meant the issues with register_globals = off. Thats like running a Perl CGI without use strict and -wT.
Devdas Bhagat
-
Amish Munshi -
Amitay Isaacs -
Devdas Bhagat -
Kapil Karekar -
Mohan Cheema -
Philip S Tellis -
ranjeet@nttindia.com